General

  • Target: a56f2c00bb7df3178df39286b9c96918_JaffaCakes118

  • Size: 136KB

  • Sample: 240818-fc8hrawdkg

  • MD5: a56f2c00bb7df3178df39286b9c96918

  • SHA1: 9c1b5b9d07d843115538406f6498e426c5da61e1

  • SHA256: 7ba3610a9857322aeb9ba722dff5ba2c69f2648e2dd1e3d0276d95f8b569fbb6

  • SHA512: 531e0e949e25e8b76dba659b011816891ab2e41d40ef1be213a63943f433814b53388b4481312cb3c6d0ce06e2d3e1900e2e9148ec791834da051ed7f6cef401

  • SSDEEP: 1536:8UprooPQnepMYSNgIAXnqovYiGAD9KQ1/Onfp27IM70:54wSzuq4HD9R1/W+t0

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks